How to set up a bonding VPN connection in Linux

How to set up a wireless bandwidth bonding VPN connection in Linux using VtrunkD

Preface

This is a first short tutorial on how to set up the VtrunkD Linux multichannel VPN daemon to achieve aggregated bandwidth speeds using your 3G or LTE modems, or whatever other connections you have.

Setting up a bonded VPN tunnel using multichannel VPN technology gives you a more stable connection for streaming and more combined bandwidth to download and upload files, and generally improves the internet experience in a mobile setup, for example in a car, or when you have several different internet connections that are all unreliable separately.

In order to do channel bonding, you will need to have a gateway server somewhere in the cloud or in a place with a good and stable channel, with at least twice the bandwidth that you want to achieve. This is because packet-level aggregation splits the traffic into several streams and these streams need to be merged before reaching the destination. That is why there are two modes of operation in VtrunkD – the server mode and the client mode. The principles of operation are very much similar to an ordinary VPN, like vtun or openvpn.

The overall process diagram looks like this:

General vtrunkd components diagram

As VtrunkD is a heavily-multicore system, it spawns a separate process for each connection, up to 30 of them in case you have that many uplinks.

For this tutorial, we will assume that we have 3 slower internet connections on the client side, the wwan1, wwan2 and wwan3, and one superfast internet link on the server side, eth0. Gigabit internet connections are not uncommon for the modern cloud VPS/VDS hosting services.

We will also assume that you have an Ubuntu server and an Ubuntu client. Our configuration will look like this:

3 Huawei modems with 3 different SIM cards from different carriers

Huawei modems VPN bonding

One Banana Pi M2 board with a bunch of USB cables

Banana Pi M2 used for LTE bonding using VtrunkD

And one Ubuntu server somewhere on the Internet, with full root and kernel access

Remote server console

You can use any other Ubuntu client instead of the Banana Pi M2, for example a laptop with Ubuntu installed or another board like the Raspberry Pi 2 or Orange Pi PC. You can even use a Linux distribution of your choice instead of Ubuntu; these instructions will still apply.

Step 1. Prepare server

In order to proceed, we will need to compile and run VtrunkD from source. On the Ubuntu server, we do:

sudo apt-get install build-essential flex bison git
git clone https://github.com/VrayoSystems/vtrunkd.git
cd vtrunkd
./configure --prefix=
make
sudo make install

Next, we will need to create a basic configuration file. We will take one from the examples:

sudo cp ./vtrunkd.conf /etc/
sudo nano /etc/vtrunkd.conf

We will leave everything as is, just replace the default password “testpasswd”:

Editing VtrunkD configuration file on a cloud server

and press CTRL-X to save, answer yes, and exit pressing ENTER
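A quick check that the edit took effect, usable on the server here and again on the client after its config is copied in Step 2. This is an added example, not part of the original tutorial or the VtrunkD project; the function name `audit_conf`, the `#` comment convention and the sample config line are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original tutorial or the vtrunkd project.
# audit_conf FILE prints one finding per line and returns 1 if any were
# found, 2 if the file cannot be read.
# Assumption: lines starting with '#' are comments in vtrunkd.conf.
audit_conf() {
    conf=$1; findings=0
    if [ ! -r "$conf" ]; then
        echo "$conf: not readable"; return 2
    fi
    # The shipped password is public, so it protects nothing on port 6000.
    if grep -v '^[[:space:]]*#' "$conf" | grep -q 'testpasswd'; then
        echo "$conf: default password testpasswd still set"; findings=1
    fi
    # The password sits in the file in clear text: owner-only access.
    perms=$(ls -ld "$conf" | cut -c5-10)      # group+other bits, e.g. r--r--
    if [ "$perms" != "------" ]; then
        echo "$conf: group/other permissions are $perms, expected ------"
        findings=1
    fi
    return $findings
}

# Constructed sample (one hand-written line, not the shipped config; the
# real option syntax may differ).
sample=$(mktemp)
printf 'passwd testpasswd;\n' > "$sample"; chmod 644 "$sample"
audit_conf "$sample" || echo "exit status: $?"
rm -f "$sample"
```

On a real host, run `sudo sh -c '. ./audit.sh; audit_conf /etc/vtrunkd.conf'` (the file name `audit.sh` is hypothetical) once on each side of the tunnel.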

Now, we need to do some basic setup on the server side in order to allow us to actually reach the internet once we are connected. We will add the following lines to /etc/rc.local by issuing sudo nano /etc/rc.local

iptables -t nat -A POSTROUTING -j MASQUERADE
vtrunkd -s -f /etc/vtrunkd.conf -P 6000

And in sysctl.conf:

sudo nano /etc/sysctl.conf

Add these lines to the end:

net.ipv4.ip_forward=1
kernel.shmmax=300000000
kernel.shmall=300000000

These changes will launch VtrunkD on port 6000 after the restart and enable packet forwarding. Now, reboot for the changes to take effect.

sudo reboot

Server configuration is now complete.

Step 2. Set up client

In order to set up the client, we will need to compile VtrunkD the same way as we did it on the server, but this time we will do it on an ARM board. Log in to Banana Pi, the default user and password for Banana Pi Ubuntu is pi and bananapi:

sudo apt-get install build-essential flex bison git
git clone https://github.com/VrayoSystems/vtrunkd.git
cd vtrunkd
./configure --prefix=
make
sudo make install

Also, make sure to add to sysctl.conf:

net.ipv4.ip_forward=1
kernel.shmmax=300000000
kernel.shmall=300000000

and in rc.local:

iptables -t nat -A POSTROUTING -j MASQUERADE

Now here comes the tricky part. In order for VtrunkD to utilize our 3 connections, we will need to set up 3 different routing tables and rules for routing traffic to them. In the default client config VtrunkD uses packet marks 1 to 3, one for each of our 3 connections, so we will need to install 3 rules:

sudo ip rule add fwmark 0x1 lookup 101
sudo ip rule add fwmark 0x2 lookup 102
sudo ip rule add fwmark 0x3 lookup 103

and add three routes to the tables to prevent accidental routing:

sudo ip route add default dev lo table 101 metric 200
sudo ip route add default dev lo table 102 metric 200
sudo ip route add default dev lo table 103 metric 200

You can place these lines in /etc/rc.local to be sure that they will be added after reboot.

The next thing is configuring interfaces. As all these Huawei modems have the same IP address and MAC address (not usually the case if you have different providers) – we will have to manually configure them from the command line.

I use this simple script to configure modems and set default routes through these modems in the three tables we just created:

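#!/bin/sh
while true; do
    # Newly attached modems that the kernel lists under a "rename" name
    for IF in `ifconfig -a | grep rename | cut -d' ' -f1`; do
        WWID=`/devname2.sh`
        NAME=wwan$WWID
        ifconfig $IF down
        ip link set $IF name $NAME
        ifconfig $NAME 192.168.8.2 netmask 255.255.255.0
        # Preferred route (metric 100) ahead of the lo fallback (metric 200)
        ip route add default via 192.168.8.1 dev $NAME table 10$WWID metric 100
    done
    # Modems that showed up as ethN, skipping the wired eth0
    for IF in `ifconfig -a | grep eth | grep -v eth0 | cut -d' ' -f1`; do
        WWID=`/devname2.sh`
        NAME=wwan$WWID
        ifconfig $IF down
        ip link set $IF name $NAME
        ifconfig $NAME 192.168.8.2 netmask 255.255.255.0
        ip route add default via 192.168.8.1 dev $NAME table 10$WWID metric 100
    done
    # Replace the default route unless it already points at the tunnel peer.
    # route -n prints two header lines first, so select the 0.0.0.0 entry.
    if ! route -n | grep '^0\.0\.0\.0' | head -n1 | grep -q 10.0.0.1; then
        route del default
    fi
    route add default gw 10.0.0.1 dev tun1
    sleep 30
done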

In my example, I put it to /opt/modem.sh. This script will constantly retry configuring and adding modems to tables, as well as setting the default gateway.

You can check that the modem is configured properly by using these commands:

ping -m 1 8.8.8.8 # will check modem 1
ping -m 2 8.8.8.8 # 2
ping -m 3 8.8.8.8 # 3
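The pings show that a modem works right now; the check below looks at the routing state itself. When a table has no matching route, the lookup moves on to the next rule and ends in the main table, whose default route points into tun1, which is the accidental routing the lo fallback prevents. This is an added example, not part of the original tutorial or the VtrunkD project; the function names, state names and sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original tutorial or the vtrunkd project.
# Audits the policy routing the three client vtrunkd processes depend on.

# check_rules: `ip rule show` text on stdin; names each missing mark rule.
check_rules() {
    rules=$(cat); rc=0
    for n in 1 2 3; do
        if ! printf '%s\n' "$rules" | grep -Eq "fwmark 0x$n lookup 10$n( |\$)"; then
            echo "missing rule: fwmark 0x$n lookup 10$n"; rc=1
        fi
    done
    return $rc
}

# table_state N: `ip route show table 10N` text on stdin; prints one of
#   bonded     modem default route and lo fallback both present
#   parked     modem route gone; marked packets dead-end on lo
#   unguarded  modem route present, no fallback behind it
#   leaking    neither route; lookup falls through to the main table
table_state() {
    n=$1; routes=$(cat); modem=no; fallback=no
    if printf '%s\n' "$routes" | grep -Eq "^default via [0-9.]+ dev wwan$n( |\$)"; then modem=yes; fi
    if printf '%s\n' "$routes" | grep -Eq "^default dev lo( .*)? metric 200( |\$)"; then fallback=yes; fi
    case "$modem/$fallback" in
        yes/yes) echo bonded ;;
        no/yes)  echo parked ;;
        yes/no)  echo unguarded ;;
        *)       echo leaking ;;
    esac
}

# Constructed sample output (typed by hand, not captured from a device).
SAMPLE_RULES='0: from all lookup local
32763: from all fwmark 0x3 lookup 103
32764: from all fwmark 0x2 lookup 102
32765: from all fwmark 0x1 lookup 101
32766: from all lookup main
32767: from all lookup default'
SAMPLE_TABLE_UP='default via 192.168.8.1 dev wwan1 metric 100
default dev lo scope link metric 200'
SAMPLE_TABLE_DOWN='default dev lo scope link metric 200'

printf '%s\n' "$SAMPLE_RULES" | check_rules && echo "rules ok"
echo "modem up:   $(printf '%s\n' "$SAMPLE_TABLE_UP" | table_state 1)"
echo "modem down: $(printf '%s\n' "$SAMPLE_TABLE_DOWN" | table_state 1)"
# Live use on the client: ip rule show | check_rules
#                         ip route show table 101 | table_state 1
```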

Now that the modems are okay, we will use the client VtrunkD config from the package and change the password:

sudo cp ./vtrunkd_client.conf /etc/vtrunkd.conf
sudo nano /etc/vtrunkd.conf

And finally start VtrunkD for each modem with these commands:

sudo vtrunkd -P 6000 -f /etc/vtrunkd.conf 000000_1 XXX.XXX.XXX.XXX
sudo vtrunkd -P 6000 -f /etc/vtrunkd.conf 000000_2 XXX.XXX.XXX.XXX
sudo vtrunkd -P 6000 -f /etc/vtrunkd.conf 000000_3 XXX.XXX.XXX.XXX

where XXX.XXX.XXX.XXX is the IP address of your server.

Now you can see the interface tun1 appeared and can ping 10.0.0.1 – the address our server has, and finally test some downloading!

In order to use your board as the actual router, you will have to further configure it, for example as is explained here: http://www.yourownlinux.com/2013/07/how-to-configure-ubuntu-as-router.html or in the official Ubuntu documentation.

Your final rc.local on the Banana Pi may look something like this:

#!/bin/sh -e
iptables -t nat -A POSTROUTING -j MASQUERADE
ip rule add fwmark 0x1 lookup 101
ip rule add fwmark 0x2 lookup 102
ip rule add fwmark 0x3 lookup 103
ip route add default dev lo table 101 metric 200
ip route add default dev lo table 102 metric 200
ip route add default dev lo table 103 metric 200
# these lines are required for Banana Pi to run at full CPU clock
echo 1200000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
echo 1200000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
vtrunkd -P 6000 -f /etc/vtrunkd.conf 000000_1 XXX.XXX.XXX.XXX
vtrunkd -P 6000 -f /etc/vtrunkd.conf 000000_2 XXX.XXX.XXX.XXX
vtrunkd -P 6000 -f /etc/vtrunkd.conf 000000_3 XXX.XXX.XXX.XXX
bash /opt/modem.sh &
exit 0

In this example, I have shown how to do basic configuration to make use of multichannel VPN bonding that VtrunkD provides, that allows aggregated link speeds and seamless failover. Other possible use cases are data duplication to enable guaranteed delivery and guaranteed minimum possible latency, bufferbloat control, live video streaming optimization, and others. Vrayo Systems provides professional updates, bug fixes and support for commercial VtrunkD deployments on various types of hardware.

pepe

Vrayo Systems

We, Vrayo Team, understand that the above tutorial written by Andrew (the creator of VtrunkD and the founder of Vrayo) back in 2016 doesn’t answer all the questions. Yes, it may even be considered ‘half-baked’ as one of you called it in his email to Vrayo. As we continue to develop and evolve VtrunkD, we’ll update website content, but for now, we are busy with a few Enterprise clients.

At the same time, we do want to assist you by helping you to deploy VtrunkD. In such cases, we can offer you Quick Start service whereby our experts will assist you with deploying VtrunkD in your environment. Quickstart service incurs the cost of approx. €1’000 before VAT and includes no customisation or optimisation.

If you are interested then please reach out via http://www.vrayo.com/support/ and clarify the following:
1) what is it you are trying to achieve by using VtrunkD?
2) a brief(!) description of the environment, i.e. hardware, software, network spec and versions, etc.
3) timeline for the project, i.e. when do you want it done?